{"result": {"cve": [{"id": "CVE-2012-1942", "type": "cve", "title": "CVE-2012-1942", "description": "The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged context.", "published": "2012-06-05T19:55:01", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1942", "cvelist": ["CVE-2012-1942"], "lastseen": "2016-09-03T16:30:35"}], "mozilla": [{"id": "MFSA2012-35", "type": "mozilla", "title": "Privilege escalation through Mozilla Updater and Windows Updater Service", "description": "Security researcher James Forshaw of Context Information\nSecurity found two issues with the Mozilla updater and the Mozilla updater service introduced in Firefox 12 for Windows. The first issue allows Mozilla's updater to load a local DLL file in a privileged context. The updater\ncan be called by the Updater Service or independently on systems that do not use\nthe service. The second of these issues allows for the updater service to load an arbitrary local DLL file, which can then be run with the same system privileges used by the service. 
Both of these issues require local file system access to be exploitable.", "published": "2012-06-05T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2012-35/", "cvelist": ["CVE-2012-1942", "CVE-2012-1943"], "lastseen": "2016-09-05T13:37:45"}, {"id": "MFSA2013-45", "type": "mozilla", "title": "Mozilla Updater fails to update some Windows Registry entries", "description": "Security researcher Robert Kugler discovered that in some\ninstances the Mozilla Maintenance Service on Windows will be vulnerable to some\npreviously fixed privilege escalation attacks that allowed for local privilege\nescalation. This was caused by the Mozilla Updater not updating Windows Registry\nentries for the Mozilla Maintenance Service, which fixed the earlier issues\npresent if Firefox 12 had been installed. New installations of Firefox after\nversion 12 are not affected by this issue. Local file system access is necessary\nin order for this issue to be exploitable and it cannot be triggered through web\ncontent.", "published": "2013-05-14T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2013-45/", "cvelist": ["CVE-2013-1673", "CVE-2012-1942"], "lastseen": "2016-09-05T13:37:39"}], "openvas": [{"id": "OPENVAS:802867", "type": "openvas", "title": "Mozilla Products Updater Service Privilege Escalation Vulnerabilities (Windows)", "description": "This host is installed with Mozilla firefox/thunderbird/seamonkey and is prone\n to multiple vulnerabilities.", "published": "2012-06-19T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=802867", "cvelist": ["CVE-2012-1942", "CVE-2012-1943"], "lastseen": "2017-07-12T10:51:34"}], "nessus": [{"id": 
"SUSE_MOZILLAFIREFOX-8189.NASL", "type": "nessus", "title": "SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8189)", "description": "MozillaFirefox has been updated to 10.0.5ESR fixing various bugs and security issues.\n\n - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2012-34)\n\n In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.\n References\n\n Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy reported memory safety problems and crashes that affect Firefox 12. (CVE-2012-1938)\n\n Christian Holler reported a memory safety problem that affects Firefox ESR. (CVE-2012-1939)\n\n Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman reported memory safety problems and crashes that affect Firefox ESR and Firefox 13. (CVE-2012-1937)\n\n Ken Russell of Google reported a bug in NVIDIA graphics drivers that they needed to work around in the Chromium WebGL implementation. Mozilla has done the same in Firefox 13 and ESR 10.0.5. (CVE-2011-3101)\n\n - Security researcher James Forshaw of Context Information Security found two issues with the Mozilla updater and the Mozilla updater service introduced in Firefox 12 for Windows. The first issue allows Mozilla's updater to load a local DLL file in a privileged context. 
The updater can be called by the Updater Service or independently on systems that do not use the service.\n The second of these issues allows for the updater service to load an arbitrary local DLL file, which can then be run with the same system privileges used by the service. Both of these issues require local file system access to be exploitable. (MFSA 2012-35)\n\n Possible Arbitrary Code Execution by Update Service (CVE-2012-1942) Updater.exe loads wsock32.dll from application directory. (CVE-2012-1943)\n\n - Security researcher Adam Barth found that inline event handlers, such as onclick, were no longer blocked by Content Security Policy's (CSP) inline-script blocking feature. Web applications relying on this feature of CSP to protect against cross-site scripting (XSS) were not fully protected. (CVE-2012-1944). (MFSA 2012-36)\n\n - Security researcher Paul Stone reported an attack where an HTML page hosted on a Windows share and then loaded could then load Windows shortcut files (.lnk) in the same share. These shortcut files could then link to arbitrary locations on the local file system of the individual loading the HTML page. That page could show the contents of these linked files or directories from the local file system in an iframe, causing information disclosure. (MFSA 2012-37)\n\n This issue could potentially affect Linux machines with samba shares enabled. (CVE-2012-1945)\n\n - Security researcher Arthur Gerkis used the Address Sanitizer tool to find a use-after-free while replacing/inserting a node in a document. This use-after-free could possibly allow for remote code execution. (CVE-2012-1946). (MFSA 2012-38)\n\n - Security researcher Kaspar Brand found a flaw in how the Network Security Services (NSS) ASN.1 decoder handles zero length items. Effects of this issue depend on the field. One known symptom is an unexploitable crash in handling OCSP responses. 
NSS also mishandles zero-length basic constraints, assuming default values for some types that should be rejected as malformed. These issues have been addressed in NSS 3.13.4, which is now being used by Mozilla. (CVE-2012-0441). (MFSA 2012-39)\n\n - Security researcher Abhishek Arya of Google used the Address Sanitizer tool to uncover several issues: two heap buffer overflow bugs and a use-after-free problem.\n The first heap buffer overflow was found in conversion from unicode to native character sets when the function fails. The use-after-free occurs in nsFrameList when working with column layout with absolute positioning in a container that changes size. The second buffer overflow occurs in nsHTMLReflowState when a window is resized on a page with nested columns and a combination of absolute and relative positioning. All three of these issues are potentially exploitable. (MFSA 2012-40)\n\n Heap-buffer-overflow in utf16_to_isolatin1 (CVE-2012-1947) Heap-use-after-free in nsFrameList::FirstChild. 
(CVE-2012-1940)\n\n Heap-buffer-overflow in nsHTMLReflowState::CalculateHypotheticalBox, with nested multi-column, relative position, and absolute position.\n (CVE-2012-1941)\n\nMore information on security issues can be found on:\nhttp://www.mozilla.org/security/announce/", "published": "2012-06-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=59520", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1939", "CVE-2012-1942", "CVE-2012-1947", "CVE-2012-0441", "CVE-2012-1937", "CVE-2012-1943"], "lastseen": "2016-09-26T17:24:47"}, {"id": "MOZILLA_THUNDERBIRD_130.NASL", "type": "nessus", "title": "Mozilla Thunderbird < 13.0 Multiple Vulnerabilities", "description": "The installed version of Thunderbird is earlier than 13.0 and thus, is potentially affected by the following security issues :\n\n - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes.\n (CVE-2012-0441)\n\n - Multiple memory corruption errors exist. (CVE-2012-1937, CVE-2012-1938)\n\n - Two heap-based buffer overflows and one heap-based use- after-free error exist and are potentially exploitable.\n (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947)\n\n - Two arbitrary DLL load issues exist related to the application update and update service functionality.\n (CVE-2012-1942, CVE-2012-1943)\n\n - The inline-script blocking feature of the 'Content Security Policy' (CSP) does not properly block inline event handlers. This error allows remote attackers to more easily carry out cross-site scripting attacks.\n (CVE-2012-1944)\n\n - A use-after-free error exists related to replacing or inserting a node into a web document. 
(CVE-2012-1946)\n\n - An error exists related to the certificate warning page that can allow 'clickjacking' thereby tricking a user into accepting unintended certificates. (CVE-2012-1964)", "published": "2012-06-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=59409", "cvelist": ["CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2012-1942", "CVE-2012-1947", "CVE-2012-0441", "CVE-2012-1937", "CVE-2012-1964", "CVE-2012-1943"], "lastseen": "2017-06-10T06:40:35"}, {"id": "SEAMONKEY_210.NASL", "type": "nessus", "title": "SeaMonkey < 2.10.0 Multiple Vulnerabilities", "description": "The installed version of SeaMonkey is earlier than 2.10.0. Such versions are potentially affected by the following security issues :\n\n - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes.\n (CVE-2012-0441)\n\n - Multiple memory corruption errors exist. (CVE-2012-1937, CVE-2012-1938)\n\n - Two heap-based buffer overflows and one heap-based use- after-free error exist and are potentially exploitable.\n (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947)\n\n - Two arbitrary DLL load issues exist related to the application update and update service functionality.\n (CVE-2012-1942, CVE-2012-1943)\n\n - The inline-script blocking feature of the 'Content Security Policy' (CSP) does not properly block inline event handlers. This error allows remote attackers to more easily carry out cross-site scripting attacks.\n (CVE-2012-1944)\n\n - A use-after-free error exists related to replacing or inserting a node into a web document. (CVE-2012-1946)\n\n - An error exists related to the certificate warning page that can allow 'clickjacking' thereby tricking a user into accepting unintended certificates. 
(CVE-2012-1964)", "published": "2012-06-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=59411", "cvelist": ["CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2012-1942", "CVE-2012-1947", "CVE-2012-0441", "CVE-2012-1937", "CVE-2012-1964", "CVE-2012-1943"], "lastseen": "2017-06-13T08:38:41"}, {"id": "SUSE_11_MOZILLAFIREFOX-120611.NASL", "type": "nessus", "title": "SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 6425)", "description": "Mozilla Firefox has been updated to 10.0.5ESR fixing various bugs and security issues.\n\n - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2012-34)\n\n In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.\n References\n\n Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy reported memory safety problems and crashes that affect Firefox 12. (CVE-2012-1938)\n\n Christian Holler reported a memory safety problem that affects Firefox ESR. (CVE-2012-1939)\n\n Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman reported memory safety problems and crashes that affect Firefox ESR and Firefox 13. (CVE-2012-1937)\n\n Ken Russell of Google reported a bug in NVIDIA graphics drivers that they needed to work around in the Chromium WebGL implementation. Mozilla has done the same in Firefox 13 and ESR 10.0.5. 
(CVE-2011-3101)\n\n - Security researcher James Forshaw of Context Information Security found two issues with the Mozilla updater and the Mozilla updater service introduced in Firefox 12 for Windows. The first issue allows Mozilla's updater to load a local DLL file in a privileged context. The updater can be called by the Updater Service or independently on systems that do not use the service.\n The second of these issues allows for the updater service to load an arbitrary local DLL file, which can then be run with the same system privileges used by the service. Both of these issues require local file system access to be exploitable. (MFSA 2012-35)\n\n Possible Arbitrary Code Execution by Update Service (CVE-2012-1942) Updater.exe loads wsock32.dll from application directory. (CVE-2012-1943)\n\n - Security researcher Adam Barth found that inline event handlers, such as onclick, were no longer blocked by Content Security Policy's (CSP) inline-script blocking feature. Web applications relying on this feature of CSP to protect against cross-site scripting (XSS) were not fully protected. (CVE-2012-1944). (MFSA 2012-36)\n\n - Security researcher Paul Stone reported an attack where an HTML page hosted on a Windows share and then loaded could then load Windows shortcut files (.lnk) in the same share. These shortcut files could then link to arbitrary locations on the local file system of the individual loading the HTML page. That page could show the contents of these linked files or directories from the local file system in an iframe, causing information disclosure. (MFSA 2012-37)\n\n This issue could potentially affect Linux machines with samba shares enabled. (CVE-2012-1945)\n\n - Security researcher Arthur Gerkis used the Address Sanitizer tool to find a use-after-free while replacing/inserting a node in a document. This use-after-free could possibly allow for remote code execution. (CVE-2012-1946). 
(MFSA 2012-38)\n\n - Security researcher Kaspar Brand found a flaw in how the Network Security Services (NSS) ASN.1 decoder handles zero length items. Effects of this issue depend on the field. One known symptom is an unexploitable crash in handling OCSP responses. NSS also mishandles zero-length basic constraints, assuming default values for some types that should be rejected as malformed. These issues have been addressed in NSS 3.13.4, which is now being used by Mozilla. (CVE-2012-0441). (MFSA 2012-39)\n\n - Security researcher Abhishek Arya of Google used the Address Sanitizer tool to uncover several issues: two heap buffer overflow bugs and a use-after-free problem.\n The first heap buffer overflow was found in conversion from unicode to native character sets when the function fails. The use-after-free occurs in nsFrameList when working with column layout with absolute positioning in a container that changes size. The second buffer overflow occurs in nsHTMLReflowState when a window is resized on a page with nested columns and a combination of absolute and relative positioning. All three of these issues are potentially exploitable. (MFSA 2012-40)\n\n Heap-buffer-overflow in utf16_to_isolatin1 (CVE-2012-1947) Heap-use-after-free in nsFrameList::FirstChild. 
(CVE-2012-1940)\n\n Heap-buffer-overflow in nsHTMLReflowState::CalculateHypotheticalBox, with nested multi-column, relative position, and absolute position.\n (CVE-2012-1941)\n\nMore information on security issues can be found on:\nhttp://www.mozilla.org/security/announce/", "published": "2013-01-25T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=64208", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1939", "CVE-2012-1942", "CVE-2012-1947", "CVE-2012-0441", "CVE-2012-1937", "CVE-2012-1943"], "lastseen": "2016-09-26T17:26:00"}, {"id": "MOZILLA_FIREFOX_130.NASL", "type": "nessus", "title": "Firefox < 13.0 Multiple Vulnerabilities", "description": "The installed version of Firefox is earlier than 13.0 and thus, is potentially affected by the following security issues :\n\n - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes.\n (CVE-2012-0441)\n\n - Multiple memory corruption errors exist. (CVE-2012-1937, CVE-2012-1938)\n\n - Two heap-based buffer overflows and one heap-based use- after-free error exist and are potentially exploitable.\n (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947)\n\n - Two arbitrary DLL load issues exist related to the application update and update service functionality.\n (CVE-2012-1942, CVE-2012-1943)\n\n - The inline-script blocking feature of the 'Content Security Policy' (CSP) does not properly block inline event handlers. This error allows remote attackers to more easily carry out cross-site scripting attacks.\n (CVE-2012-1944)\n\n - A use-after-free error exists related to replacing or inserting a node into a web document. 
(CVE-2012-1946)\n\n - An error exists related to the certificate warning page that can allow 'clickjacking' thereby tricking a user into accepting unintended certificates. (CVE-2012-1964)", "published": "2012-06-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=59407", "cvelist": ["CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2012-1942", "CVE-2012-1947", "CVE-2012-0441", "CVE-2012-1937", "CVE-2012-1964", "CVE-2012-1943"], "lastseen": "2017-06-07T03:35:56"}, {"id": "MOZILLA_FIREFOX_21.NASL", "type": "nessus", "title": "Firefox < 21.0 Multiple Vulnerabilities", "description": "The installed version of Firefox is earlier than 21.0 and is, therefore, potentially affected by the following vulnerabilities :\n\n - Various memory safety issues exist. (CVE-2013-0801, CVE-2013-1669)\n\n - It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670)\n\n - An information leakage exists because the file input control has access to the full path. (CVE-2013-1671)\n\n - A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672)\n\n - The Mozilla Maintenance Service on Windows is vulnerable to a previously fixed privilege escalation attack. Note that new installations of Firefox after version 12 are not affected by this issue. (CVE-2013-1673, CVE-2012-1942)\n\n - A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674)\n\n - Some 'DOMSVGZoomEvent' functions are used without being properly initialized, which could lead to information disclosure. (CVE-2013-1675)\n\n - Multiple memory corruption issues exist. 
(CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)", "published": "2013-05-16T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=66480", "cvelist": ["CVE-2013-1671", "CVE-2013-1678", "CVE-2013-1670", "CVE-2013-1680", "CVE-2013-1679", "CVE-2013-1672", "CVE-2013-1681", "CVE-2013-1673", "CVE-2013-0801", "CVE-2013-1669", "CVE-2013-1676", "CVE-2013-1675", "CVE-2012-1942", "CVE-2013-1674", "CVE-2013-1677"], "lastseen": "2017-06-10T06:44:25"}, {"id": "FREEBSD_PKG_4A1CA8A4BD8211E2B7A0D43D7E0C7C02.NASL", "type": "nessus", "title": "FreeBSD : mozilla -- multiple vulnerabilities (4a1ca8a4-bd82-11e2-b7a0-d43d7e0c7c02)", "description": "The Mozilla Project reports :\n\nMFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)\n\nMFSA 2013-42 Privileged access for content level constructor\n\nMFSA 2013-43 File input control has access to full path\n\nMFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service\n\nMFSA 2013-45 Mozilla Updater fails to update some Windows Registry entries\n\nMFSA 2013-46 Use-after-free with video and onresize event\n\nMFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent\n\nMFSA 2013-48 Memory corruption found using Address Sanitizer", "published": "2013-05-16T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=66455", "cvelist": ["CVE-2013-1671", "CVE-2013-1678", "CVE-2013-1670", "CVE-2013-1680", "CVE-2013-1679", "CVE-2013-1672", "CVE-2013-1681", "CVE-2013-0801", "CVE-2013-1669", "CVE-2013-1676", "CVE-2013-1675", "CVE-2012-1942", "CVE-2013-1674", "CVE-2013-1677"], "lastseen": "2016-09-26T17:26:28"}, {"id": "MACOSX_FIREFOX_21.NASL", "type": "nessus", "title": "Firefox < 21.0 Multiple Vulnerabilities (Mac OS X)", "description": "The 
installed version of Firefox is earlier than 21.0 and is, therefore, potentially affected by multiple vulnerabilities :\n\n - Various memory safety issues exist. (CVE-2013-0801, CVE-2013-1669)\n\n - It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670)\n\n - An information leakage exists because the file input control has access to the full path. (CVE-2013-1671)\n\n - A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672)\n\n - The Mozilla Maintenance Service on Windows is vulnerable to a previously fixed privilege escalation attack. Note that new installations of Firefox after version 12 are not affected by this issue. (CVE-2013-1673, CVE-2012-1942)\n\n - A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674)\n\n - Some 'DOMSVGZoomEvent' functions are used without being properly initialized, which could lead to information disclosure. (CVE-2013-1675)\n\n - Multiple memory corruption issues exist. 
(CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)", "published": "2013-05-16T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=66476", "cvelist": ["CVE-2013-1671", "CVE-2013-1678", "CVE-2013-1670", "CVE-2013-1680", "CVE-2013-1679", "CVE-2013-1672", "CVE-2013-1681", "CVE-2013-1673", "CVE-2013-0801", "CVE-2013-1669", "CVE-2013-1676", "CVE-2013-1675", "CVE-2012-1942", "CVE-2013-1674", "CVE-2013-1677"], "lastseen": "2017-05-17T02:48:32"}, {"id": "SUSE_11_FIREFOX-20130628-130702.NASL", "type": "nessus", "title": "SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 8001)", "description": "Mozilla Firefox has been updated to the 17.0.7 ESR version, which fixes bugs and security fixes.\n\n - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2013-49)\n\n Gary Kwong, Jesse Ruderman, and Andrew McCreight reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 21. (CVE-2013-1682)\n\n - Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free problems rated critical as security issues in shipped software.\n Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free and buffer overflow flaws in code introduced during Firefox development. These were fixed before general release. (MFSA 2013-50)\n\n - Heap-use-after-free in mozilla::dom::HTMLMediaElement::LookupMediaElementURITab le. 
(CVE-2013-1684)\n\n - Heap-use-after-free in nsIDocument::GetRootElement.\n (CVE-2013-1685)\n\n - Heap-use-after-free in mozilla::ResetDir.\n (CVE-2013-1686)\n\n - Security researcher Mariusz Mlynski reported that it is possible to compile a user-defined function in the XBL scope of a specific element and then trigger an event within this scope to run code. In some circumstances, when this code is run, it can access content protected by System Only Wrappers (SOW) and chrome-privileged pages. This could potentially lead to arbitrary code execution. Additionally, Chrome Object Wrappers (COW) can be bypassed by web content to access privileged methods, leading to a cross-site scripting (XSS) attack from privileged pages. (MFSA 2013-51 / CVE-2013-1687)\n\n - Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable. (MFSA 2013-53 / CVE-2013-1690)\n\n - Security researcher Johnathan Kuskos reported that Firefox is sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes against the XHR specification. This can potentially be used for Cross-Site Request Forgery (CSRF) attacks against sites which do not distinguish between HEAD and POST requests.\n (MFSA 2013-54 / CVE-2013-1692)\n\n - Security researcher Paul Stone of Context Information Security discovered that timing differences in the processing of SVG format images with filters could allow for pixel values to be read. This could potentially allow for text values to be read across domains, leading to information disclosure. (MFSA 2013-55 / CVE-2013-1693)\n\n - Mozilla security researcher moz_bug_r_a4 reported that XrayWrappers can be bypassed to call content-defined toString and valueOf methods through DefaultValue. This can lead to unexpected behavior when privileged code acts on the incorrect values. 
(MFSA 2013-59 / CVE-2013-1697)\n\n - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2013-30)\n\n Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic, and Joe Drew reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 19. (CVE-2013-0788)\n\n - Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an out-of-bounds write in Cairo graphics library. When certain values are passed to it during rendering, Cairo attempts to use negative boundaries or sizes for boxes, leading to a potentially exploitable crash in some instances. (MFSA 2013-31 / CVE-2013-0800)\n\n - Security researcher Frederic Hoguin discovered that the Mozilla Maintenance Service on Windows was vulnerable to a buffer overflow. This system is used to update software without invoking the User Account Control (UAC) prompt. The Mozilla Maintenance Service is configured to allow unprivileged users to start it with arbitrary arguments. By manipulating the data passed in these arguments, an attacker can execute arbitrary code with the system privileges used by the service. This issue requires local file system access to be exploitable.\n (MFSA 2013-32 / CVE-2013-0799)\n\n - Security researcher Ash reported an issue with the Mozilla Updater. The Mozilla Updater can be made to load a malicious local DLL file in a privileged context through either the Mozilla Maintenance Service or independently on systems that do not use the service.\n This occurs when the DLL file is placed in a specific location on the local system before the Mozilla Updater is run. 
Local file system access is necessary in order for this issue to be exploitable. (MFSA 2013-34 / CVE-2013-0797)\n\n - Security researcher miaubiz used the Address Sanitizer tool to discover a crash in WebGL rendering when memory is freed that has not previously been allocated. This issue only affects Linux users who have Intel Mesa graphics drivers. The resulting crash could be potentially exploitable. (MFSA 2013-35 / CVE-2013-0796)\n\n - Security researcher Cody Crews reported a mechanism to use the cloneNode method to bypass System Only Wrappers (SOW) and clone a protected node. This allows violation of the browser's same origin policy and could also lead to privilege escalation and the execution of arbitrary code. (MFSA 2013-36 / CVE-2013-0795)\n\n - Security researcher shutdown reported a method for removing the origin indication on tab-modal dialog boxes in combination with browser navigation. This could allow an attacker's dialog to overlay a page and show another site's content. This can be used for phishing by allowing users to enter data into a modal prompt dialog on an attacking, site while appearing to be from the displayed site. (MFSA 2013-37 / CVE-2013-0794)\n\n - Security researcher Mariusz Mlynski reported a method to use browser navigations through history to load an arbitrary website with that page's baseURI property pointing to another site instead of the seemingly loaded one. The user will continue to see the incorrect site in the addressbar of the browser. This allows for a cross-site scripting (XSS) attack or the theft of data through a phishing attack. (MFSA 2013-38 / CVE-2013-0793)\n\n - Mozilla community member Tobias Schula reported that if gfx.color_management.enablev4 preference is enabled manually in about:config, some grayscale PNG images will be rendered incorrectly and cause memory corruption during PNG decoding when certain color profiles are in use. 
A crafted PNG image could use this flaw to leak data through rendered images drawing from random memory.\n By default, this preference is not enabled. (MFSA 2013-39 / CVE-2013-0792)\n\n - Mozilla community member Ambroz Bizjak reported an out-of-bounds array read in the CERT_DecodeCertPackage function of the Network Security Services (NSS) libary when decoding a certificate. When this occurs, it will lead to memory corruption and a non-exploitable crash.\n (MFSA 2013-40 / CVE-2013-0791)\n\n - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2013-41)\n\n References\n\n - Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, and Jeff Walden reported memory safety problems and crashes that affect Firefox ESR 17, and Firefox 20.\n\n - Bob Clary, Ben Turner, Benoit Jacob, Bobby Holley, Christoph Diehl, Christian Holler, Andrew McCreight, Gary Kwong, Jason Orendorff, Jesse Ruderman, Matt Wobensmith, and Mats Palmgren reported memory safety problems and crashes that affect Firefox 20.\n\n - Security researcher Cody Crews reported a method to call a content level constructor that allows for this constructor to have chrome privileged access. This affects chrome object wrappers (COW) and allows for write actions on objects when only read actions should be allowed. This can lead to cross-site scripting (XSS) attacks. (MFSA 2013-42 / CVE-2013-1670)\n\n - Mozilla security researcher moz_bug_r_a4 reported a mechanism to exploit the control when set to the file type in order to get the full path. 
This can lead to information leakage and could be combined with other exploits to target attacks on the local file system.\n (MFSA 2013-43 / CVE-2013-1671)\n\n - Security researcher Seb Patane reported an issue with the Mozilla Maintenance Service on Windows. This issue allows unprivileged users to local privilege escalation through the system privileges used by the service when interacting with local malicious software. This allows the user to bypass integrity checks leading to local privilege escalation. Local file system access is necessary in order for this issue to be exploitable and it cannot be triggered through web content. (MFSA 2013-44 / CVE-2013-1672)\n\n - Security researcher Robert Kugler discovered that in some instances the Mozilla Maintenance Service on Windows will be vulnerable to some previously fixed privilege escalation attacks that allowed for local privilege escalation. This was caused by the Mozilla Updater not updating Windows Registry entries for the Mozilla Maintenance Service, which fixed the earlier issues present if Firefox 12 had been installed. New installations of Firefox after version 12 are not affected by this issue. Local file system access is necessary in order for this issue to be exploitable and it cannot be triggered through web content. References:\n - old MozillaMaintenance Service registry entry not updated leading to Trusted Path Privilege Escalation (CVE-2013-1673) - Possible Arbitrary Code Execution by Update Service. (CVE-2012-1942). (MFSA 2013-45)\n\n - Security researcher Nils reported a use-after-free when resizing video while playing. This could allow for arbitrary code execution. (MFSA 2013-46 / CVE-2013-1674)\n\n - Mozilla community member Ms2ger discovered that some DOMSVGZoomEvent functions are used without being properly initialized, causing uninitialized memory to be used when they are called by web content. 
This could lead to an information leakage to sites depending on the contents of this uninitialized memory. (MFSA 2013-47 / CVE-2013-1675)\n\n - Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and invalid write problems rated as moderate to critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free flaws in dir=auto code introduced during Firefox development. These were fixed before general release. (MFSA 2013-48)\n\n References\n\n - Out of Bounds Read in SelectionIterator::GetNextSegment.\n (CVE-2013-1676)\n\n - Out-of-bound read in gfxSkipCharsIterator::SetOffsets (CVE-2013-1677)\n\n - Invalid write in _cairo_xlib_surface_add_glyph.\n (CVE-2013-1678)\n\n - Heap-use-after-free in mozilla::plugins::child::_geturlnotify. (CVE-2013-1679)\n\n - Heap-use-after-free in nsFrameList::FirstChild.\n (CVE-2013-1680)\n\n - Heap-use-after-free in nsContentUtils::RemoveScriptBlocker.
(CVE-2013-1681)\n\n - CVE-2012-1942\n\n - CVE-2013-0788\n\n - CVE-2013-0791\n\n - CVE-2013-0792\n\n - CVE-2013-0793\n\n - CVE-2013-0794\n\n - CVE-2013-0795\n\n - CVE-2013-0796\n\n - CVE-2013-0797\n\n - CVE-2013-0798\n\n - CVE-2013-0799\n\n - CVE-2013-0800\n\n - CVE-2013-0801\n\n - CVE-2013-1669\n\n - CVE-2013-1670\n\n - CVE-2013-1671\n\n - CVE-2013-1672\n\n - CVE-2013-1673\n\n - CVE-2013-1674\n\n - CVE-2013-1675\n\n - CVE-2013-1676\n\n - CVE-2013-1677\n\n - CVE-2013-1678\n\n - CVE-2013-1679\n\n - CVE-2013-1680\n\n - CVE-2013-1681\n\n - CVE-2013-1682\n\n - CVE-2013-1684\n\n - CVE-2013-1685\n\n - CVE-2013-1686\n\n - CVE-2013-1687\n\n - CVE-2013-1690\n\n - CVE-2013-1692\n\n - CVE-2013-1693\n\n - CVE-2013-1697", "published": "2013-07-18T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=68949", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-0797", "CVE-2013-1671", "CVE-2013-1678", "CVE-2013-1670", "CVE-2013-0791", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-0794", "CVE-2013-1680", "CVE-2013-0795", "CVE-2013-1679", "CVE-2013-0798", "CVE-2013-0796", "CVE-2013-0800", "CVE-2013-1672", "CVE-2013-1681", "CVE-2013-0788", "CVE-2013-1673", "CVE-2013-1690", "CVE-2013-0801", "CVE-2013-1669", "CVE-2013-1684", "CVE-2013-1676", "CVE-2013-0799", "CVE-2013-1675", "CVE-2013-1686", "CVE-2012-1942", "CVE-2013-1682", "CVE-2013-1674", "CVE-2013-0792", "CVE-2013-1693", "CVE-2013-1677", "CVE-2013-0793"], "lastseen": "2016-09-26T17:25:56"}], "suse": [{"id": "SUSE-SU-2012:0746-1", "type": "suse", "title": "Security update for Mozilla Firefox (important)", "description": "MozillaFirefox has been updated to 10.0.5ESR fixing various\n bugs and security issues.\n\n *\n\n MFSA 2012-34 Mozilla developers identified and fixed\n several memory safety bugs in the browser engine used in\n Firefox and other Mozilla-based products. 
Some of these\n bugs showed evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n In general these flaws cannot be exploited through\n email in the Thunderbird and SeaMonkey products because\n scripting is disabled, but are potentially a risk in\n browser or browser-like contexts in those products.\n References\n\n Jesse Ruderman, Igor Bukanov, Bill McCloskey,\n Christian Holler, Andrew McCreight, and Brian Bondy\n reported memory safety problems and crashes that affect\n Firefox 12.(CVE-2012-1938)\n\n Christian Holler reported a memory safety problem\n that affects Firefox ESR. (CVE-2012-1939)\n\n Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse\n Ruderman reported memory safety problems and crashes that\n affect Firefox ESR and Firefox 13. (CVE-2012-1937)\n\n Ken Russell of Google reported a bug in NVIDIA\n graphics drivers that they needed to work around in the\n Chromium WebGL implementation. Mozilla has done the same in\n Firefox 13 and ESR 10.0.5. (CVE-2011-3101)\n\n *\n\n MFSA 2012-35 Security researcher James Forshaw of\n Context Information Security found two issues with the\n Mozilla updater and the Mozilla updater service introduced\n in Firefox 12 for Windows. The first issue allows Mozilla's\n updater to load a local DLL file in a privileged context.\n The updater can be called by the Updater Service or\n independently on systems that do not use the service. The\n second of these issues allows for the updater service to\n load an arbitrary local DLL file, which can then be run\n with the same system privileges used by the service. 
Both\n of these issues require local file system access to be\n exploitable.\n\n Possible Arbitrary Code Execution by Update Service\n (CVE-2012-1942) Updater.exe loads wsock32.dll from\n application directory (CVE-2012-1943)\n\n *\n\n MFSA 2012-36 Security researcher Adam Barth found\n that inline event handlers, such as onclick, were no longer\n blocked by Content Security Policy's (CSP) inline-script\n blocking feature. Web applications relying on this feature\n of CSP to protect against cross-site scripting (XSS) were\n not fully protected. (CVE-2012-1944)\n\n *\n\n MFSA 2012-37 Security researcher Paul Stone reported\n an attack where an HTML page hosted on a Windows share and\n then loaded could then load Windows shortcut files (.lnk)\n in the same share. These shortcut files could then link to\n arbitrary locations on the local file system of the\n individual loading the HTML page. That page could show the\n contents of these linked files or directories from the\n local file system in an iframe, causing information\n disclosure.\n\n This issue could potentially affect Linux machines\n with samba shares enabled. (CVE-2012-1945)\n\n *\n\n MFSA 2012-38 Security researcher Arthur Gerkis used\n the Address Sanitizer tool to find a use-after-free while\n replacing/inserting a node in a document. This\n use-after-free could possibly allow for remote code\n execution. (CVE-2012-1946)\n\n *\n\n MFSA 2012-39 Security researcher Kaspar Brand found a\n flaw in how the Network Security Services (NSS) ASN.1\n decoder handles zero length items. Effects of this issue\n depend on the field. One known symptom is an unexploitable\n crash in handling OCSP responses. NSS also mishandles\n zero-length basic constraints, assuming default values for\n some types that should be rejected as malformed. These\n issues have been addressed in NSS 3.13.4, which is now\n being used by Mozilla. 
(CVE-2012-0441)\n\n *\n\n MFSA 2012-40 Security researcher Abhishek Arya of\n Google used the Address Sanitizer tool to uncover several\n issues: two heap buffer overflow bugs and a use-after-free\n problem. The first heap buffer overflow was found in\n conversion from unicode to native character sets when the\n function fails. The use-after-free occurs in nsFrameList\n when working with column layout with absolute positioning\n in a container that changes size. The second buffer\n overflow occurs in nsHTMLReflowState when a window is\n resized on a page with nested columns and a combination of\n absolute and relative positioning. All three of these\n issues are potentially exploitable.\n\n Heap-buffer-overflow in utf16_to_isolatin1\n (CVE-2012-1947) Heap-use-after-free in\n nsFrameList::FirstChild (CVE-2012-1940)\n\n Heap-buffer-overflow in\n nsHTMLReflowState::CalculateHypotheticalBox, with nested\n multi-column, relative position, and absolute position\n (CVE-2012-1941)\n\n More information on security issues can be found on:\n http://www.mozilla.org/security/announce/\n\n", "published": "2012-06-15T22:08:23", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html", "cvelist": ["CVE-2012-1945", "CVE-2012-1944", "CVE-2012-1940", "CVE-2012-1938", "CVE-2012-1941", "CVE-2012-1946", "CVE-2011-3101", "CVE-2012-1939", "CVE-2012-1942", "CVE-2012-1947", "CVE-2012-0441", "CVE-2012-1937", "CVE-2012-1943"], "lastseen": "2016-09-04T12:11:40"}, {"id": "SUSE-SU-2013:1152-1", "type": "suse", "title": "Security update for Mozilla Firefox (important)", "description": "Mozilla Firefox has been updated to the 17.0.7 ESR version,\n which fixes bugs and security
fixes.\n\n *\n\n MFSA 2013-49: Mozilla developers identified and fixed\n several memory safety bugs in the browser engine used in\n Firefox and other Mozilla-based products. Some of these\n bugs showed evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n Gary Kwong, Jesse Ruderman, and Andrew McCreight\n reported memory safety problems and crashes that affect\n Firefox ESR 17, and Firefox 21. (CVE-2013-1682)\n\n *\n\n MFSA 2013-50: Security researcher Abhishek Arya\n (Inferno) of the Google Chrome Security Team used the\n Address Sanitizer tool to discover a series of\n use-after-free problems rated critical as security issues\n in shipped software. Some of these issues are potentially\n exploitable, allowing for remote code execution. We would\n also like to thank Abhishek for reporting additional\n use-after-free and buffer overflow flaws in code introduced\n during Firefox development. These were fixed before general\n release.\n\n o Heap-use-after-free in\n mozilla::dom::HTMLMediaElement::LookupMediaElementURITable\n (CVE-2013-1684) o Heap-use-after-free in\n nsIDocument::GetRootElement (CVE-2013-1685) o\n Heap-use-after-free in mozilla::ResetDir (CVE-2013-1686)\n *\n\n MFSA 2013-51 / CVE-2013-1687: Security researcher\n Mariusz Mlynski reported that it is possible to compile a\n user-defined function in the XBL scope of a specific\n element and then trigger an event within this scope to run\n code. In some circumstances, when this code is run, it can\n access content protected by System Only Wrappers (SOW) and\n chrome-privileged pages. This could potentially lead to\n arbitrary code execution. 
Additionally, Chrome Object\n Wrappers (COW) can be bypassed by web content to access\n privileged methods, leading to a cross-site scripting (XSS)\n attack from privileged pages.\n\n *\n\n MFSA 2013-53 / CVE-2013-1690: Security researcher\n Nils reported that specially crafted web content using the\n onreadystatechange event and reloading of pages could\n sometimes cause a crash when unmapped memory is executed.\n This crash is potentially exploitable.\n\n *\n\n MFSA 2013-54 / CVE-2013-1692: Security researcher\n Johnathan Kuskos reported that Firefox is sending data in\n the body of XMLHttpRequest (XHR) HEAD requests, which goes\n against the XHR specification. This can potentially be used\n for Cross-Site Request Forgery (CSRF) attacks against sites\n which do not distinguish between HEAD and POST requests.\n\n *\n\n MFSA 2013-55 / CVE-2013-1693: Security researcher\n Paul Stone of Context Information Security discovered that\n timing differences in the processing of SVG format images\n with filters could allow for pixel values to be read. This\n could potentially allow for text values to be read across\n domains, leading to information disclosure.\n\n *\n\n MFSA 2013-59 / CVE-2013-1697: Mozilla security\n researcher moz_bug_r_a4 reported that XrayWrappers can be\n bypassed to call content-defined toString and valueOf\n methods through DefaultValue. This can lead to unexpected\n behavior when privileged code acts on the incorrect values.\n\n *\n\n MFSA 2013-30: Mozilla developers identified and fixed\n several memory safety bugs in the browser engine used in\n Firefox and other Mozilla-based products.
Some of these\n bugs showed evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian\n Holler, Milan Sreckovic, and Joe Drew reported memory\n safety problems and crashes that affect Firefox ESR 17, and\n Firefox 19. (CVE-2013-0788)\n\n *\n\n MFSA 2013-31 / CVE-2013-0800: Security researcher\n Abhishek Arya (Inferno) of the Google Chrome Security Team\n used the Address Sanitizer tool to discover an\n out-of-bounds write in Cairo graphics library. When certain\n values are passed to it during rendering, Cairo attempts to\n use negative boundaries or sizes for boxes, leading to a\n potentially exploitable crash in some instances.\n\n *\n\n MFSA 2013-32 / CVE-2013-0799: Security researcher\n Frederic Hoguin discovered that the Mozilla Maintenance\n Service on Windows was vulnerable to a buffer overflow.\n This system is used to update software without invoking the\n User Account Control (UAC) prompt. The Mozilla Maintenance\n Service is configured to allow unprivileged users to start\n it with arbitrary arguments. By manipulating the data\n passed in these arguments, an attacker can execute\n arbitrary code with the system privileges used by the\n service. This issue requires local file system access to be\n exploitable.\n\n *\n\n MFSA 2013-34 / CVE-2013-0797: Security researcher Ash\n reported an issue with the Mozilla Updater. The Mozilla\n Updater can be made to load a malicious local DLL file in a\n privileged context through either the Mozilla Maintenance\n Service or independently on systems that do not use the\n service. This occurs when the DLL file is placed in a\n specific location on the local system before the Mozilla\n Updater is run. 
Local file system access is necessary in\n order for this issue to be exploitable.\n\n *\n\n MFSA 2013-35 / CVE-2013-0796: Security researcher\n miaubiz used the Address Sanitizer tool to discover a crash\n in WebGL rendering when memory is freed that has not\n previously been allocated. This issue only affects Linux\n users who have Intel Mesa graphics drivers. The resulting\n crash could be potentially exploitable.\n\n *\n\n MFSA 2013-36 / CVE-2013-0795: Security researcher\n Cody Crews reported a mechanism to use the cloneNode method\n to bypass System Only Wrappers (SOW) and clone a protected\n node. This allows violation of the browser's same origin\n policy and could also lead to privilege escalation and the\n execution of arbitrary code.\n\n *\n\n MFSA 2013-37 / CVE-2013-0794: Security researcher\n shutdown reported a method for removing the origin\n indication on tab-modal dialog boxes in combination with\n browser navigation. This could allow an attacker's dialog\n to overlay a page and show another site's content. This can\n be used for phishing by allowing users to enter data into a\n modal prompt dialog on an attacking site while appearing\n to be from the displayed site.\n\n *\n\n MFSA 2013-38 / CVE-2013-0793: Security researcher\n Mariusz Mlynski reported a method to use browser\n navigations through history to load an arbitrary website\n with that page's baseURI property pointing to another site\n instead of the seemingly loaded one. The user will continue\n to see the incorrect site in the addressbar of the browser.\n This allows for a cross-site scripting (XSS) attack or the\n theft of data through a phishing attack.\n\n *\n\n MFSA 2013-39 / CVE-2013-0792: Mozilla community\n member Tobias Schula reported that if\n gfx.color_management.enablev4 preference is enabled\n manually in about:config, some grayscale PNG images will be\n rendered incorrectly and cause memory corruption during PNG\n decoding when certain color profiles are in use.
A crafted\n PNG image could use this flaw to leak data through rendered\n images drawing from random memory. By default, this\n preference is not enabled.\n\n *\n\n MFSA 2013-40 / CVE-2013-0791: Mozilla community\n member Ambroz Bizjak reported an out-of-bounds array read\n in the CERT_DecodeCertPackage function of the Network\n Security Services (NSS) library when decoding a certificate.\n When this occurs, it will lead to memory corruption and a\n non-exploitable crash.\n\n *\n\n MFSA 2013-41: Mozilla developers identified and fixed\n several memory safety bugs in the browser engine used in\n Firefox and other Mozilla-based products. Some of these\n bugs showed evidence of memory corruption under certain\n circumstances, and we presume that with enough effort at\n least some of these could be exploited to run arbitrary\n code.\n\n References\n\n o Christoph Diehl, Christian Holler, Jesse\n Ruderman, Timothy Nikkel, and Jeff Walden reported memory\n safety problems and crashes that affect Firefox ESR 17, and\n Firefox 20.\n o Bob Clary, Ben Turner, Benoit Jacob, Bobby\n Holley, Christoph Diehl, Christian Holler, Andrew\n McCreight, Gary Kwong, Jason Orendorff, Jesse Ruderman,\n Matt Wobensmith, and Mats Palmgren reported memory safety\n problems and crashes that affect Firefox 20.\n *\n\n MFSA 2013-42 / CVE-2013-1670: Security researcher\n Cody Crews reported a method to call a content level\n constructor that allows for this constructor to have chrome\n privileged access. This affects chrome object wrappers\n (COW) and allows for write actions on objects when only\n read actions should be allowed. This can lead to cross-site\n scripting (XSS) attacks.\n\n *\n\n MFSA 2013-43 / CVE-2013-1671: Mozilla security\n researcher moz_bug_r_a4 reported a mechanism to exploit the\n control when set to the file type in order to get the full\n path.
This can lead to information leakage and could be\n combined with other exploits to target attacks on the local\n file system.\n\n *\n\n MFSA 2013-44 / CVE-2013-1672: Security researcher Seb\n Patane reported an issue with the Mozilla Maintenance\n Service on Windows. This issue allows unprivileged users to\n local privilege escalation through the system privileges\n used by the service when interacting with local malicious\n software. This allows the user to bypass integrity checks\n leading to local privilege escalation. Local file system\n access is necessary in order for this issue to be\n exploitable and it cannot be triggered through web content.\n\n *\n\n MFSA 2013-45: Security researcher Robert Kugler\n discovered that in some instances the Mozilla Maintenance\n Service on Windows will be vulnerable to some previously\n fixed privilege escalation attacks that allowed for local\n privilege escalation. This was caused by the Mozilla\n Updater not updating Windows Registry entries for the\n Mozilla Maintenance Service, which fixed the earlier issues\n present if Firefox 12 had been installed. New installations\n of Firefox after version 12 are not affected by this issue.\n Local file system access is necessary in order for this\n issue to be exploitable and it cannot be triggered through\n web content. References: - old MozillaMaintenance Service\n registry entry not updated leading to Trusted Path\n Privilege Escalation (CVE-2013-1673) - Possible Arbitrary\n Code Execution by Update Service (CVE-2012-1942)\n\n *\n\n MFSA 2013-46 / CVE-2013-1674: Security researcher\n Nils reported a use-after-free when resizing video while\n playing. This could allow for arbitrary code execution.\n\n *\n\n MFSA 2013-47 / CVE-2013-1675: Mozilla community\n member Ms2ger discovered that some DOMSVGZoomEvent\n functions are used without being properly initialized,\n causing uninitialized memory to be used when they are\n called by web content. 
This could lead to an information\n leakage to sites depending on the contents of this\n uninitialized memory.\n\n *\n\n MFSA 2013-48: Security researcher Abhishek Arya\n (Inferno) of the Google Chrome Security Team used the\n Address Sanitizer tool to discover a series of\n use-after-free, out of bounds read, and invalid write\n problems rated as moderate to critical as security issues\n in shipped software. Some of these issues are potentially\n exploitable, allowing for remote code execution. We would\n also like to thank Abhishek for reporting additional\n use-after-free flaws in dir=auto code introduced during\n Firefox development. These were fixed before general\n release.\n\n References\n\n o Out of Bounds Read in SelectionIterator::GetNextSegment (CVE-2013-1676)\n o Out-of-bound read in gfxSkipCharsIterator::SetOffsets (CVE-2013-1677)\n o Invalid write in _cairo_xlib_surface_add_glyph (CVE-2013-1678)\n o Heap-use-after-free in mozilla::plugins::child::_geturlnotify (CVE-2013-1679)\n o Heap-use-after-free in nsFrameList::FirstChild (CVE-2013-1680)\n o Heap-use-after-free in nsContentUtils::RemoveScriptBlocker (CVE-2013-1681)\n\n * CVE-2012-1942 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1942>\n * CVE-2013-0788 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0788>\n * CVE-2013-0791 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791>\n * CVE-2013-0792 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0792>\n * CVE-2013-0793 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0793>\n
* CVE-2013-0794 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0794>\n * CVE-2013-0795 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0795>\n * CVE-2013-0796 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0796>\n * CVE-2013-0797 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0797>\n * CVE-2013-0798 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0798>\n * CVE-2013-0799 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0799>\n * CVE-2013-0800 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0800>\n * CVE-2013-0801 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0801>\n * CVE-2013-1669 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1669>\n * CVE-2013-1670 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1670>\n * CVE-2013-1671 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1671>\n
* CVE-2013-1672 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1672>\n * CVE-2013-1673 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1673>\n * CVE-2013-1674 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1674>\n * CVE-2013-1675 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1675>\n * CVE-2013-1676 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1676>\n * CVE-2013-1677 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1677>\n * CVE-2013-1678 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1678>\n * CVE-2013-1679 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1679>\n * CVE-2013-1680 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1680>\n * CVE-2013-1681 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1681>\n
* CVE-2013-1682 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1682>\n * CVE-2013-1684 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1684>\n * CVE-2013-1685 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1685>\n * CVE-2013-1686 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1686>\n * CVE-2013-1687 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1687>\n * CVE-2013-1690 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1690>\n * CVE-2013-1692 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1692>\n * CVE-2013-1693 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1693>\n * CVE-2013-1697 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1697>\n\n", "published": "2013-07-05T22:04:14", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html", "cvelist": ["CVE-2013-1687", "CVE-2013-1692", "CVE-2013-0797", "CVE-2013-1671", "CVE-2013-1678", "CVE-2013-1670",
"CVE-2013-0791", "CVE-2013-1685", "CVE-2013-1697", "CVE-2013-0794", "CVE-2013-1680", "CVE-2013-0795", "CVE-2013-1679", "CVE-2013-0798", "CVE-2013-0796", "CVE-2013-0800", "CVE-2013-1672", "CVE-2013-1681", "CVE-2013-0788", "CVE-2013-1673", "CVE-2013-1690", "CVE-2013-0801", "CVE-2013-1669", "CVE-2013-1684", "CVE-2013-1676", "CVE-2013-0799", "CVE-2013-1675", "CVE-2013-1686", "CVE-2012-1942", "CVE-2013-1682", "CVE-2013-1674", "CVE-2013-0792", "CVE-2013-1693", "CVE-2013-1677", "CVE-2013-0793"], "lastseen": "2016-09-04T11:21:38"}], "freebsd": [{"id": "4A1CA8A4-BD82-11E2-B7A0-D43D7E0C7C02", "type": "freebsd", "title": "mozilla -- multiple vulnerabilities", "description": "\nThe Mozilla Project reports:\n\nMFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0\n\t / rv:17.0.6)\nMFSA 2013-42 Privileged access for content level constructor\nMFSA 2013-43 File input control has access to full path\nMFSA 2013-44 Local privilege escalation through Mozilla\n\t Maintenance Service\nMFSA 2013-45 Mozilla Updater fails to update some Windows Registry\n\t entries\nMFSA 2013-46 Use-after-free with video and onresize event\nMFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent\nMFSA 2013-48 Memory corruption found using Address Sanitizer\n\n", "published": "2013-05-14T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/4a1ca8a4-bd82-11e2-b7a0-d43d7e0c7c02.html", "cvelist": ["CVE-2013-1671", "CVE-2013-1678", "CVE-2013-1670", "CVE-2013-1680", "CVE-2013-1679", "CVE-2013-1672", "CVE-2013-1681", "CVE-2013-0801", "CVE-2013-1669", "CVE-2013-1676", "CVE-2013-1675", "CVE-2012-1942", "CVE-2013-1674", "CVE-2013-1677"], "lastseen": "2016-09-26T17:24:30"}]}}